<%@include file="../connection.jsp"%>
<%
  Connection c = getConnection(session);	
  Statement s = c.createStatement(); 

  String userid = request.getParameter("userid");	  
  String password = request.getParameter("password");
  
  boolean validPass = false;
  
  ResultSet rs = s.executeQuery("select userid, password, name from users where userid = '"+userid+"' and active=1 and admin=1");
  if(rs.first())
  {
  		if(password.equals(rs.getString("password"))){
  			validPass = true;
			//HttpSession session = request.getSession();
	 	 	session.setAttribute("admin", userid);	
			session.setAttribute("userName", rs.getString("name"));
  		}
  }
  rs.close();
  c.close();
  s.close();
  
  if(validPass){    
  	response.sendRedirect("home.jsp"); 	  	
  }else{
  	response.sendRedirect("../login.jsp?wp=1"); 
  }
%>
